Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1d345064 by Moritz Muehlenhoff at 2018-01-10T22:37:49+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -3,7 +3,7 @@ CVE-2017-1000441 CVE-2017-1000439 REJECTED CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...) - TODO: check + NOT-FOR-US: Discuz! CVE-2018-5330 RESERVED CVE-2018-5329 @@ -39,7 +39,7 @@ CVE-2018-5315 CVE-2018-5314 RESERVED CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...) - TODO: check + NOT-FOR-US: Sulu-standard CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file ...) NOT-FOR-US: rui Li finecms CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...) @@ -86,9 +86,9 @@ CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 an CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...) NOT-FOR-US: Innotube ITGuard-Manager CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default ...) - TODO: check + NOT-FOR-US: AvantFAX CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the ...) - TODO: check + NOT-FOR-US: Office Tracker CVE-2018-XXXX [Password protect the JSONRPC interface] - electrum 3.0.5-1 (bug #886683) [jessie] - electrum <not-affected> (Only affects >= 2.6.4) 
@@ -134,7 +134,7 @@ CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_ CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal ...) NOT-FOR-US: Photos in Wifi application for iOS CVE-2018-5282 (Kentico 9.0 through 11.0 has a stack-based buffer overflow via the ...) - TODO: check + NOT-FOR-US: Kentico CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices ...) NOT-FOR-US: SonicWall SonicOS CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices ...) @@ -297,7 +297,7 @@ CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...) NOT-FOR-US: Simple Download Monitor plugin for WordPress CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack ...) - TODO: check + NOT-FOR-US: PHP Melody CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...) NOT-FOR-US: Samsung mobile devices CVE-2018-5209 @@ -3315,9 +3315,9 @@ CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...) NOTE: https://github.com/Mindwerks/wildmidi/issues/178 NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...) - TODO: check + NOT-FOR-US: OP-TEE CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...) - TODO: check + NOT-FOR-US: OP-TEE CVE-2018-3816 RESERVED CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) ...) 
@@ -3873,7 +3873,7 @@ CVE-2018-3612 CVE-2018-3611 RESERVED CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...) - TODO: check + NOT-FOR-US: Intel CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...) NOT-FOR-US: NetTransport Download Manager CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...) @@ -3921,7 +3921,7 @@ CVE-2017-17947 CVE-2017-1000411 RESERVED CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Handy Password CVE-2017-17945 RESERVED CVE-2017-17944 @@ -4259,7 +4259,7 @@ CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows CVE-2017-17842 RESERVED CVE-2017-17841 (Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) - open-iscsi 2.0.874-5 (bug #885021) [stretch] - open-iscsi <no-dsa> (Minor issue) @@ -9294,7 +9294,7 @@ CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x CVE-2017-17663 RESERVED CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 ...) - TODO: check + NOT-FOR-US: Yawcam CVE-2017-17661 RESERVED CVE-2017-17660 @@ -15399,7 +15399,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is CVE-2017-16515 RESERVED CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...) - TODO: check + NOT-FOR-US: WebsiteBaker CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in ...) NOT-FOR-US: Ipswitch WS_FTP Professional CVE-2017-16512 
@@ -17109,7 +17109,7 @@ CVE-2017-15943 (The configuration file import for applications, spyware and ...) CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS ...) - TODO: check + NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-15940 (The web interface packet capture management component in Palo Alto ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) @@ -17268,7 +17268,7 @@ CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...) NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow ...) - TODO: check + NOT-FOR-US: Sitefinity CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application before ...) NOT-FOR-US: London Trust Media Private Internet Access (PIA) application CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d3450645d50951b64cfddccc8284e9f429bcc92 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d3450645d50951b64cfddccc8284e9f429bcc92 You're receiving this email because of your account on salsa.debian.org.
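Review bot: In the `@@ -3873,7 +3873,7 @@` hunk, `NOT-FOR-US: Intel` for CVE-2018-3610 names only the vendor, while the description identifies the product as the SEMA driver in Intel Driver and Support Assistant. Every other entry changed here names the product (`NOT-FOR-US: Handy Password`, `NOT-FOR-US: Palo Alto Networks PAN-OS`). Writing `NOT-FOR-US: Intel Driver and Support Assistant` would keep the tag searchable and would not read as if everything from that vendor were out of scope.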
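Review bot: In the `@@ -3315,9 +3315,9 @@` hunk, CVE-2017-1000413 and CVE-2017-1000412 are the only entries in this commit whose description calls the software open source ("Linaro's open source TEE solution called OP-TEE"), so they are the ones most likely to be packaged later. Before settling on `NOT-FOR-US: OP-TEE`, it is worth confirming that no ITP or RFP bug is open for it. If one is, the entries should be tracked with an `<itp>` line that references the bug instead, so the two issues are not lost when the package arrives.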
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits